CompTIA PenTest+ Certification Exam v1.0 (PT0-001)

Page:    1 / 14   
Total 196 questions

Which of the following excerpts would come from a corporate policy?

  • A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.
  • B. The help desk can be reached at 800-passwd1 to perform password resets.
  • C. Employees must use strong passwords for accessing corporate assets.
  • D. The corporate systems must store passwords using the MD5 hashing algorithm.


Answer : D

In which of the following scenarios would a tester perform a Kerberoasting attack?

  • A. The tester has compromised a Windows device and dumps the LSA secrets.
  • B. The tester needs to retrieve the SAM database and crack the password hashes.
  • C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
  • D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.


Answer : C

While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

  • A. HKEY_CLASSES_ROOT
  • B. HKEY_LOCAL_MACHINE
  • C. HKEY_CURRENT_USER
  • D. HKEY_CURRENT_CONFIG


Answer : C

Reference:
https://www.redcanary.com/blog/windows-registry-attacks-threat-detection/

A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

  • A. dsrm -users "DN=company.com; OU=hq CN=users"
  • B. dsuser -name -account -limit 3
  • C. dsquery user -inactive 3
  • D. dsquery -o -rdn -limit 21


Answer : D

Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?

  • A. Creating a scope of the critical production systems
  • B. Setting a schedule of testing access times
  • C. Establishing a white-box testing engagement
  • D. Having management sign off on intrusive testing


Answer : B

HOTSPOT -
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:




Answer :

In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?

  • A. Brute force the user's password.
  • B. Perform an ARP spoofing attack.
  • C. Leverage the BeEF framework to capture credentials.
  • D. Conduct LLMNR/NETBIOS-ns poisoning.


Answer : A

A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?

  • A. Nikto
  • B. WAR
  • C. W3AF
  • D. Swagger


Answer : D

Reference:
https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases/

A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile.
The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?

  • A. The badge was cloned.
  • B. The physical access control server is malfunctioning.
  • C. The system reached the crossover error rate.
  • D. The employee lost the badge.


Answer : A

If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8
Which of the following formats is the correct hash type?

  • A. Kerberos
  • B. NetNTLMv1
  • C. NTLM
  • D. SHA-1


Answer : D

During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.
Which of the following would be the BEST target for continued exploitation efforts?

  • A. Operating system: Windows 7 Open ports: 23, 161
  • B. Operating system: Windows Server 2016 Open ports: 53, 5900
  • C. Operating system: Windows 8.1 Open ports: 445, 3389
  • D. Operating system: Windows 8 Open ports: 514, 3389


Answer : C

Which of the following would be the BEST for performing passive reconnaissance on a target's external domain?

  • A. Peach
  • B. CeWL
  • C. OpenVAS
  • D. Shodan


Answer : D

Reference:
https://www.securitysift.com/passive-reconnaissance/

A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

  • A. The client has applied a hot fix without updating the version.
  • B. The threat landscape has significantly changed.
  • C. The client has updated their codebase with new features.
  • D. There are currently no known exploits for this vulnerability.


Answer : A

An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?

  • A. Elicitation attack
  • B. Impersonation attack
  • C. Spear phishing attack
  • D. Drive-by download attack


Answer : A

Reference:
https://www.social-engineer.org/framework/influencing-others/elicitation/

A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?

  • A. nmap -p 22 -iL targets
  • B. nmap -p 22 -sL targets
  • C. nmap -p 22 -oG targets
  • D. nmap -p 22 -oA targets


Answer : A
